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Amendments to the Claims 

This listing of claims will replace all prior versions of claims in the 
Application. 

WHAT IS CLAIMED IS: 

1 . (previously presented) A data processing apparatus for a vehicle, including: 
a first data processing unit (A) connected to device control units of the 

vehicle; 

a second data processing unit (B) connected to communications apparatus 
providing a wireless connection to an external network, such that operation requests 
can be received at the second data processing unit (B) from the external network; 

a data communications link between the first and second data processing 
units; and 

a gateway component for controlling communications across the data 
communications link, the gateway component limiting passing of the operation 
requests from the second data processing unit to the vehicle's device control units to 
only a predefined set of permitted operations. 

2. (previously presented) A data processing apparatus according to claim 1, 
wherein the first data processing unit (A) is adapted to store in an unmodifiable form 
a list of said predefined set of permitted operations and includes a gateway 
component for comparing all operation requests received from the second data 
processing unit (B) with the list of permitted operations, and then to pass the 
permitted operation requests to respective ones of said device control units and to 
discard non-permitted operation requests. 
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3. (previously presented) A data processing apparatus according to claim 2 
wherein the first data processing unit (A) includes a static operating system 
environment and the gateway component of the first data processing unit (A) runs in 
the static operating system environment. 

4. (previously presented) A data processing apparatus according to claim 1, 
wherein the second data processing unit (B) is adapted to store one or more access 
control lists defining which operation requests are permitted for particular requestors, 
and wherein the second data processing unit (B) includes a gateway component for 
comparing all operation requests on the first data processing unit (A) with the access 
control lists and only passing to the first data processing unit (A) those operation 
requests which are permitted for the respective requestors and discarding non- 
permitted operation requests. 

5. (previously presented) A data processing apparatus according to claim 1, 
wherein: 

the first data processing unit (A) includes a Real Time Operating System; and 
the second data processing unit (B) includes means for performing 
authentication of requestors and a gateway component for comparing all operation 
requests sent to the first data processing unit (A) with access control lists and for 
passing to the first data processing unit (A) only those operation requests which are 
permitted for the respective requestors and discarding non-permitted operation 
requests. 

6. (cancelled) 

7. (currently amended) A data processing apparatus, including: 

a first data processing unit connected to one or more security-critical 
resources; 
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a second data processing unit connected to an external communications 
network such that operation requests can be received from the external network; 

a data communications link between the first and second data processing 
units; and 

a gateway component for controlling communications across the link, the 
gateway component limiting the operations which can be performed at the first data 
processing unit in response to requests from the second processing unit to only a 
predefined set of permitted operation, A data processing apparatus according to claim 
6; wherein the first and second data processing units and the link between them are 
implemented within a network-connected home environment, and the security-critical 
resources include security-critical devices within the home which are managed by 
application programs running on the first data processing unit. 

8. (currently amended) A data processing apparatus according to claim 6 7, 
wherein the external network is the Internet. 

9. (original) A secure gateway computer program for a network-connected 
vehicle, comprising: 

a first gateway component for running on a first data processing unit 
connected to one or more device control units of the vehicle; and 

a second gateway component for running on a second data processing unit 
connected to communications apparatus for providing a wireless connection to an 
external network; 

wherein the first and second components of the secure gateway computer 
program are adapted to jointly control communications across a link between the first 
and second data processing units so as to limit the operations which can be performed 
at the first data processing unit in response to requests from the second processing 
unit to only a predefined set of permitted operations. 
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10. (original) A method for controlling the initiation of operations relating to 
secure resources on a first data processing unit such that only a limited predefined set 
of operations can be initiated by requests from a second data processing unit 
connected to the first data processing unit by a communications link, the method 
comprising: 

storing a list of permitted operations which can be requested from the second 
data processing unit; 

comparing, by a secure gateway component which controls communications 
across the communications link, requests to perform operations relating to secure 
resources on the first data processing unit with the list of permitted operations; and 

only executing the permitted operations. 

1 1. (original) A method according to claim 10, implemented within a vehicle 
which includes the first and second data processing units, wherein the secure 
resources include the vehicle's internal device control units. 
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